
hs: Pad RENDEZVOUS1 v3 cell to match length of v2

The RENDEZVOUS1 cell is 84 bytes long in v3 and 168 bytes long in v2, so this
commit pads the v3 cells with random bytes up to 168 bytes so that they all
look alike at the rendezvous point.

Closes #23420

Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet 6 years ago
commit
a3f5a24669
4 changed files with 20 additions and 1 deletions
  1. 4 0
      changes/ticket23420
  2. 9 0
      src/or/hs_circuit.c
  3. 6 0
      src/or/hs_common.h
  4. 1 1
      src/or/rendservice.c

+ 4 - 0
changes/ticket23420

@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden service v3):
+    - Pad RENDEZVOUS cell up to the size of the legacy cell which is much
+      bigger so the rendezvous point can't distinguish which hidden service
+      protocol is being used. Fixes ticket 23420.; bugfix on 0.3.2.1-alpha.

+ 9 - 0
src/or/hs_circuit.c

@@ -820,6 +820,15 @@ hs_circ_service_rp_has_opened(const hs_service_t *service,
                         sizeof(circ->hs_ident->rendezvous_handshake_info),
                         payload);
 
+  /* Pad the payload with random bytes so it matches the size of a legacy cell
+   * which is normally always bigger. Also, the size of a legacy cell is
+   * always smaller than the RELAY_PAYLOAD_SIZE so this is safe. */
+  if (payload_len < HS_LEGACY_RENDEZVOUS_CELL_SIZE) {
+    crypto_rand((char *) payload + payload_len,
+                HS_LEGACY_RENDEZVOUS_CELL_SIZE - payload_len);
+    payload_len = HS_LEGACY_RENDEZVOUS_CELL_SIZE;
+  }
+
   if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
                                    RELAY_COMMAND_RENDEZVOUS1,
                                    (const char *) payload, payload_len,
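Review bot: The new `crypto_rand()` call writes at `payload + payload_len` up to HS_LEGACY_RENDEZVOUS_CELL_SIZE, and the only thing guaranteeing that fits is the comment's claim that the legacy size is below RELAY_PAYLOAD_SIZE. The declaration of `payload` is outside the hunk, so I am assuming it is a RELAY_PAYLOAD_SIZE-byte buffer. If so, a later change to REND_COOKIE_LEN, DH_KEY_LEN or DIGEST_LEN would silently turn the padding into a write past the end of that buffer. I would make the invariant explicit just before the `if`, for example `tor_assert(HS_LEGACY_RENDEZVOUS_CELL_SIZE <= RELAY_PAYLOAD_SIZE);`, or with a compile-time check beside the macro definition. The body of hs_circ_service_rp_has_opened() starts and ends outside this hunk, so the buffer size should be confirmed there.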

+ 6 - 0
src/or/hs_common.h

@@ -118,6 +118,12 @@
 /* Default value of hsdir spread fetch (hsdir_spread_fetch). */
 #define HS_DEFAULT_HSDIR_SPREAD_FETCH 3
 
+/* The size of a legacy RENDEZVOUS1 cell which adds up to 168 bytes. It is
+ * bigger than the 84 bytes needed for version 3 so we need to pad up to that
+ * length so it is indistinguishable between versions. */
+#define HS_LEGACY_RENDEZVOUS_CELL_SIZE \
+  (REND_COOKIE_LEN + DH_KEY_LEN + DIGEST_LEN)
+
 /* Type of authentication key used by an introduction point. */
 typedef enum {
   HS_AUTH_KEY_TYPE_LEGACY  = 1,

+ 1 - 1
src/or/rendservice.c

@@ -3398,7 +3398,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
   /* Send the cell */
   if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit),
                                    RELAY_COMMAND_RENDEZVOUS1,
-                                   buf, REND_COOKIE_LEN+DH_KEY_LEN+DIGEST_LEN,
+                                   buf, HS_LEGACY_RENDEZVOUS_CELL_SIZE,
                                    circuit->cpath->prev)<0) {
     log_warn(LD_GENERAL, "Couldn't send RENDEZVOUS1 cell.");
     goto done;